Auto sync2gitlab import of dcraw-9.27.0-9.el8.src.rpm

This commit is contained in:
James Antill 2022-05-26 01:18:35 -04:00
parent c3509322f9
commit bbf61e600f
6 changed files with 452 additions and 1 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/dcraw-9.27.0.tar.gz

1
EMPTY
View File

@ -1 +0,0 @@

View File

@ -0,0 +1,38 @@
From affda75b7d868350d7ef9e7a67367826fb3e950d Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils@redhat.com>
Date: Wed, 4 Sep 2013 17:13:49 +0200
Subject: [PATCH] Report errors with LCMS version 2.x.
---
dcraw.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/dcraw.c b/dcraw.c
index 6f8dbbe..d80db64 100644
--- a/dcraw.c
+++ b/dcraw.c
@@ -8902,6 +8902,13 @@ notraw:
}
#ifndef NO_LCMS
+static void lcms2_error_show_handler (cmsContext ContextID,
+ cmsUInt32Number ErrorCode,
+ const char *Text)
+{
+ fprintf (stderr, "lcms2: Error #%d; %s\n", ErrorCode, Text);
+}
+
void CLASS apply_profile (const char *input, const char *output)
{
char *prof;
@@ -8910,6 +8917,7 @@ void CLASS apply_profile (const char *input, const char *output)
FILE *fp;
unsigned size;
+ cmsSetLogErrorHandler (lcms2_error_show_handler);
if (strcmp (input, "embed"))
hInProfile = cmsOpenProfileFromFile (input, "r");
else if (profile_length) {
--
1.9.0

125
dcraw-CVE-2018-5801.patch Normal file
View File

@ -0,0 +1,125 @@
diff -urNp old/dcraw.c new/dcraw.c
--- old/dcraw.c 2018-06-14 12:38:10.519964843 +0200
+++ new/dcraw.c 2018-06-14 13:31:46.304679761 +0200
@@ -1248,6 +1248,10 @@ void CLASS nikon_load_raw()
void CLASS nikon_yuv_load_raw()
{
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(!image)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
int row, col, yuv[4], rgb[3], b, c;
UINT64 bitbuf=0;
@@ -1889,6 +1893,10 @@ void CLASS sinar_4shot_load_raw()
unpacked_load_raw();
return;
}
+#ifdef LIBRAW_LIBRARY_BUILD
+ else if(!image)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
pixel = (ushort *) calloc (raw_width, sizeof *pixel);
merror (pixel, "sinar_4shot_load_raw()");
for (shot=0; shot < 4; shot++) {
@@ -2188,6 +2196,11 @@ void CLASS quicktake_100_load_raw()
void CLASS kodak_radc_load_raw()
{
+#ifdef LIBRAW_LIBRARY_BUILD
+ // All kodak radc images are 768x512
+ if(width>768 || raw_width>768 || height > 512 || raw_height>512 )
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
static const char src[] = {
1,1, 2,3, 3,4, 4,2, 5,7, 6,5, 7,6, 7,8,
1,0, 2,1, 3,3, 4,4, 5,2, 6,7, 7,6, 8,5, 8,8,
@@ -2348,6 +2361,10 @@ void CLASS gamma_curve (double pwr, doub
void CLASS lossy_dng_load_raw()
{
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(!image)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
struct jpeg_decompress_struct cinfo;
struct jpeg_error_mgr jerr;
JSAMPARRAY buf;
@@ -2444,6 +2461,10 @@ void CLASS eight_bit_load_raw()
void CLASS kodak_c330_load_raw()
{
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(!image)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
uchar *pixel;
int row, col, y, cb, cr, rgb[3], c;
@@ -2469,6 +2490,10 @@ void CLASS kodak_c330_load_raw()
void CLASS kodak_c603_load_raw()
{
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(!image)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
uchar *pixel;
int row, col, y, cb, cr, rgb[3], c;
@@ -2596,6 +2621,10 @@ void CLASS kodak_65000_load_raw()
void CLASS kodak_ycbcr_load_raw()
{
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(!image)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
short buf[384], *bp;
int row, col, len, c, i, j, k, y[2][2], cb, cr, rgb[3];
ushort *ip;
@@ -2624,6 +2653,10 @@ void CLASS kodak_ycbcr_load_raw()
void CLASS kodak_rgb_load_raw()
{
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(!image)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
short buf[768], *bp;
int row, col, len, c, i, rgb[3];
ushort *ip=image[0];
@@ -2640,6 +2673,10 @@ void CLASS kodak_rgb_load_raw()
void CLASS kodak_thumb_load_raw()
{
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(!image)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
int row, col;
colors = thumb_misc >> 5;
for (row=0; row < height; row++)
@@ -3109,6 +3146,10 @@ void CLASS foveon_thumb()
void CLASS foveon_sd_load_raw()
{
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(!image)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
struct decode *dindex;
short diff[1024];
unsigned bitbuf=0;
@@ -3156,6 +3197,10 @@ void CLASS foveon_huff (ushort *huff)
void CLASS foveon_dp_load_raw()
{
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(!image)
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
unsigned c, roff[4], row, col, diff;
ushort huff[512], vpred[2][2], hpred[2];

287
dcraw.spec Normal file
View File

@ -0,0 +1,287 @@
Summary: Tool for decoding raw image data from digital cameras
Name: dcraw
Version: 9.27.0
Release: 9%{?dist}
License: GPLv2+
URL: http://cybercom.net/~dcoffin/dcraw
Source0: http://cybercom.net/~dcoffin/dcraw/archive/dcraw-%{version}.tar.gz
Patch0: dcraw-9.21-lcms2-error-reporting.patch
Patch1: dcraw-CVE-2018-5801.patch
BuildRequires: gcc
BuildRequires: gettext
BuildRequires: libjpeg-devel
BuildRequires: lcms2-devel
BuildRequires: jasper-devel
Provides: bundled(dcraw)
%description
This package contains dcraw, a command line tool to decode raw image data
downloaded from digital cameras.
%prep
%autosetup -n dcraw
%build
gcc %optflags $RPM_LD_FLAGS \
-lm -ljpeg -llcms2 -ljasper \
-DLOCALEDIR="\"%{_datadir}/locale\"" \
-o dcraw dcraw.c
# build language catalogs
for catsrc in dcraw_*.po; do
lang="${catsrc%.po}"
lang="${lang#dcraw_}"
msgfmt -o "dcraw_${lang}.mo" "$catsrc"
done
%install
install -d -m 0755 %{buildroot}%{_bindir}
install -m 0755 dcraw %{buildroot}%{_bindir}
# install language catalogs
for catalog in dcraw_*.mo; do
lang="${catalog%.mo}"
lang="${lang#dcraw_}"
install -d -m 0755 "%{buildroot}%{_datadir}/locale/${lang}/LC_MESSAGES"
install -m 0644 "$catalog" "%{buildroot}%{_datadir}/locale/${lang}/LC_MESSAGES/dcraw.mo"
done
install -d -m 0755 %{buildroot}%{_bindir} %{buildroot}%{_mandir}/man1
install -m 0644 dcraw.1 %{buildroot}%{_mandir}/man1/dcraw.1
# localized manpages
rm -f %{name}-man-files
touch %{name}-man-files
for manpage in dcraw_*.1; do
lang="${manpage%.1}"
lang="${lang#dcraw_}"
install -d -m 0755 "%{buildroot}%{_mandir}/${lang}/man1"
install -m 0644 "${manpage}" "%{buildroot}%{_mandir}/${lang}/man1/dcraw.1"
echo "%%lang($lang) %%{_mandir}/${lang}/man1/*" >> %{name}-man-files
done
%find_lang %{name}
%files -f %{name}.lang -f %{name}-man-files
%{_bindir}/dcraw
%{_mandir}/man1/*
%changelog
* Thu Jul 14 2018 Josef Ridky <jridky@redhat.com> - 9.27.0-9
- Fix CVE-2018-5801 (#1557165) and CVE-2018-5802 (#1557184)
* Fri Feb 23 2018 Florian Weimer <fweimer@redhat.com> - 9.27.0-8
- Use LDFLAGS from redhat-rpm-config
* Tue Feb 20 2018 Nils Philippsen <nils@tiptoe.de> - 9.27.0-7
- require gcc for building
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 9.27.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 9.27.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 9.27.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 9.27.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Dec 05 2016 Than Ngo <than@redhat.com> - 9.27.0-2
- rebuild against new jasper-2.0.0
* Thu Jun 09 2016 Nils Philippsen <nils@redhat.com> - 9.27.0
- version 9.27.0
- use %%autosetup
- remove packaging cruft
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 9.25.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.25.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed May 20 2015 Nils Philippsen <nils@redhat.com> - 9.25.0-2
- add Provides: bundled(dcraw)
- don't manually specify, clean buildroot
* Wed May 20 2015 Nils Philippsen <nils@redhat.com> - 9.25.0-1
- version 9.25.0
- remove unnecessary check from CVE-2013-1438 patch
- avoid writing past array boundaries when reading certain raw formats
(CVE-2015-3885)
* Wed Apr 08 2015 Nils Philippsen <nils@redhat.com> - 9.24.4-1
- version 9.24.4
* Sat Feb 14 2015 Nils Philippsen <nils@redhat.com> - 9.23.0-1
- version 9.23.0
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Mon Jun 30 2014 Nils Philippsen <nils@redhat.com> - 9.22-1
- version 9.22
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.21-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 06 2014 Nils Philippsen <nils@redhat.com> - 9.21-1
- report lcms2 errors
* Mon May 05 2014 Nils Philippsen <nils@redhat.com> - 9.21-1
- version 9.21
* Sat Apr 26 2014 Nils Philippsen <nils@redhat.com> - 9.20-2
- new upstream tarball with unchanged version number (RCS id 1.461 instead of
1.458), obsoletes lcms2 patch
* Wed Jan 15 2014 Nils Philippsen <nils@redhat.com> - 9.20-1
- version 9.20
* Fri Dec 06 2013 Nils Philippsen <nils@redhat.com> - 9.19-4
- harden against corrupt input files (CVE-2013-1438)
* Fri Sep 13 2013 Nils Philippsen <nils@redhat.com> - 9.19-3
- build against the currently maintained version of lcms (2.x)
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.19-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Jun 20 2013 Nils Philippsen <nils@redhat.com> - 9.19-1
- version 9.19
* Mon Jun 03 2013 Nils Philippsen <nils@redhat.com> - 9.18-1
- version 9.18
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.17-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 9.17-2
- rebuild due to "jpeg8-ABI" feature drop
* Mon Jan 14 2013 Nils Philippsen <nils@redhat.com> - 9.17-1
- version 9.17
* Fri Dec 21 2012 Adam Tkac <atkac redhat com> - 9.16-4
- rebuild against new libjpeg
* Thu Oct 18 2012 Nils Philippsen <nils@redhat.com> - 9.16-3
- upstream changed 9.16 tarball, adds support for Samsung NX1000, Sony
DSC-RX100 models
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jul 04 2012 Nils Philippsen <nils@redhat.com> - 9.16-1
- version 9.16
* Tue Jun 19 2012 Nils Philippsen <nils@redhat.com> - 9.15-1
- version 9.15
* Tue Jan 10 2012 Nils Philippsen <nils@redhat.com> - 9.12-2
- rebuild for gcc 4.7
* Thu Dec 22 2011 Nils Philippsen <nils@redhat.com> - 9.12-1
- version 9.12
* Wed Oct 12 2011 Nils Philippsen <nils@redhat.com> - 9.11-1
- version 9.11
* Mon Aug 01 2011 Nils Philippsen <nils@redhat.com> - 9.10-1
- version 9.10
- add BR: jasper-devel, link with jasper library
* Mon May 23 2011 Nils Philippsen <nils@redhat.com> - 9.08-1
- version 9.08
* Thu Apr 14 2011 Nils Philippsen <nils@redhat.com> - 9.07-1
- version 9.07
* Fri Mar 04 2011 Nils Philippsen <nils@redhat.com> - 9.06-1
- version 9.06
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 9.04-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Aug 03 2010 Nils Philippsen <nils@redhat.com> - 9.04-1
- version 9.04
* Wed Jun 02 2010 Nils Philippsen <nils@redhat.com> - 9.01-1
- version 9.01
- color man page files with %%lang()
* Fri Feb 12 2010 Nils Philippsen <nils@redhat.com> - 8.99-1
- version 8.99
* Tue Aug 18 2009 Nils Philippsen <nils@redhat.com> - 8.96-1
- version 8.96
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 8.91-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Mon Mar 02 2009 Nils Philippsen <nils@redhat.com> - 8.91-1
- version 8.91
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 8.89-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Thu Nov 27 2008 Nils Philippsen <nphilipp@redhat.com> - 8.89-1
- version 8.89
- remove obsolete gps patch
* Mon Feb 25 2008 Nils Philippsen <nphilipp@redhat.com> - 8.82-1
- version 8.82
* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 8.81-2
- Autorebuild for GCC 4.3
* Mon Jan 14 2008 Nils Philippsen <nphilipp@redhat.com> - 8.81-1
- version 8.81
- add support for GPS data (#428600, patch by Ulrich Drepper)
* Fri Nov 30 2007 Nils Philippsen <nphilipp@redhat.com> - 8.80-1
- version 8.80
- change license tag to GPLv2+
* Mon Feb 05 2007 Nils Philippsen <nphilipp@redhat.com> - 8.77-2
- rebuild with pristine source tarball
* Mon Feb 05 2007 Nils Philippsen <nphilipp@redhat.com> - 8.77-1
- version 8.77
* Mon Feb 05 2007 Nils Philippsen <nphilipp@redhat.com> - 8.53-2
- fix summary, use %%find_lang (#225678)
* Thu Feb 01 2007 Nils Philippsen <nphilipp@redhat.com> - 8.53-1
- upstream finally has a tarball, use that and its version (#209016)
- use dist tag
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 0.0.20060521-1.1
- rebuild
* Tue May 23 2006 Nils Philippsen <nphilipp@redhat.com> - 0.0.20060521-1
- program and manpage version of 2006-05-21
- use %%optflags
- change license tag to GPL
- use lcms
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 0.0.20051211-1.2
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 0.0.20051211-1.1
- rebuilt for new gcc4.1 snapshot and glibc changes
* Wed Dec 14 2005 Nils Philippsen <nphilipp@redhat.com>
- version of 2005-12-11
- manpage of 2005-09-29
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Wed Mar 02 2005 Nils Philippsen <nphilipp@redhat.com>
- version of 2005-02-27
- manpage of 2005-01-19
* Wed Dec 01 2004 Nils Philippsen <nphilipp@redhat.com>
- version of 2004-11-28
- initial build

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (dcraw-9.27.0.tar.gz) = 2b2faed3f1889ef82a50721f7d3f22b081104b586d644d369fa849ad08604c10898e9dfccf8935828cf432db74352161fe6d1f9bde5fbfa4dd8435188767a17a